TDS-3 and BOClean

I have recently downloaded a licensed version of TDS-3. I currently have BOClean running resident as my AT. Would I be able to run TDS-3 execution protection as well, or will this cause a conflict? Will this cause a problem on a 1.2 GHz AMD Athlon with 256Mb RAM running Win98SE? Thanks in advance.

quoting: octogen
I have recently downloaded a licensed version of TDS-3. I currently have BOClean running resident as my AT. Would I be able to run TDS-3 execution protection as well, or will this cause a conflict? Will this cause a problem on a 1.2 GHz AMD Athlon with 256Mb RAM running Win98SE? Thanks in advance.

I have had success with this combination on Windows ME and Windows XP systems. And I don't see there would be a conflict (although if you throw your anti-virus into the mix, it might cause the issues - NOD32 and Norton don't seem to cause problems, however, with both of those ATs running resident).

TDS-3 does not have a file system filter driver so it should not be a problem.

As far as I know, or better, guess, it uses shell extensions (exefile->command->load) in the registry.

If this is true (I assume this),
then it acts like a filter at application level.
That means TDS gets called with each EXE file which is executed.
TDS scans the file and if it is clear it starts a new process with the given path+file -> this is then your process/program which should be clean.

quoting: Gladiator
TDS-3 does not have a file system filter driver so it should not be a problem.

As far as I know, or better, guess, it uses shell extensions (exefile->command->load) in the registry.

If this is true (I assume this),
then it acts like a filter at application level.
That means TDS gets called with each EXE file which is executed.
TDS scans the file and if it is clear it starts a new process with the given path+file -> this is then your process/program which should be clean.

Hope this helps
Michael

TDS's execution protection is a shell extension, yes (or at least a main component of it is). The dll is set up as an administrator approved shell extension (based upon its CLSID) and then is placed under the ShellExecuteHooks key in the registry (again with its CLSID). Since it IS a shell extension based on my tests (or again, at least part of it is), I'm fairly sure it doesn't scan the file then start a new process - it probably just simply scans the file and either tells the system to "pass it on" or to "stop execution", and it won't go any further down the chain (which is a required function or the system can get hung up over that file - shell execute hooks have to return a value).
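The two registry mechanisms discussed in the posts above (a CLSID listed under ShellExecuteHooks and approved as a shell extension, versus a changed exefile open command) can be audited from a registry export. This is an added example, not part of the thread and not DiamondCS code; the sample export, its CLSIDs and its file paths are constructed.

```python
import re

# Constructed sample in .reg export layout; CLSIDs and paths are made up.
SAMPLE_REG = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11111111-1111-1111-1111-111111111111}"="Example scanner hook"
"{22222222-2222-2222-2222-222222222222}"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{11111111-1111-1111-1111-111111111111}"="Example scanner hook"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Example\\hook.dll"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\loader.exe\" \"%1\" %*"
'''

CV = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\"
HOOKS = CV + "explorer\\shellexecutehooks"
APPROVED = CV + "shell extensions\\approved"
CLSID = "hkey_classes_root\\clsid\\"
EXE_CMD = "hkey_classes_root\\exefile\\shell\\open\\command"
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Map lower-cased key path -> {lower-cased value name: string data}."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := VALUE.match(line)):
            cur[m.group(1).strip('"').lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """List each hook as (clsid, dll, approved) and check the exefile command."""
    keys = parse_reg(text)
    approved = keys.get(APPROVED, {})
    hooks = [(c, keys.get(CLSID + c + "\\inprocserver32", {}).get("@"), c in approved)
             for c in keys.get(HOOKS, {})]
    cmd = keys.get(EXE_CMD, {}).get("@")
    # '"%1" %*' is the stock command; anything else runs first on every EXE launch.
    return {"hooks": hooks, "exefile_cmd": cmd, "exefile_default": cmd == '"%1" %*'}

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

A hook with no registered DLL or no entry in the approved list is the one to look at first. Exports from newer Windows versions are UTF-16, so decode the file before passing its text to `audit`.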

If it's a hook (in your case) or a kernel mutex / spin (driver) you have only to pass the handles as success or failed.
Means for instance you return the value "ACCESS_DENIED" if a backdoor was found - all ok.

lol yup that's a newbie's best combo hmmm well I have had problems with BOClean v4.9 TDS with Windows ME

4.10 seems to work fine except in cases of low RAM when TDS scans BOClean it stalls for a long time, in many times it doesn't freeze it just seems like it does cause it takes forever but if you wait it keeps going.

RAM seems to be a big issue with TDS and BOClean working all at once.

but there's really no excuse for low RAM

for old machines you can get a stick of 256 SD RAM for 30 bucks, for 60 bucks you can max out your PC

I think at Best Buy I saw 512 DDR RAM or whatever that new RAM's called for like 120 bucks, that means for like 249 you can have 1024 RAM or something crazy like that

PS1: on W98 SE you can have no more than 512 MB RAM.
PS2: be careful with the kind of RAM you buy; there are lots of different kinds out these days; you have to buy the right kind of RAM for your motherboard.
PS3: Blaze, did you manage to get your RAM problem solved? I really do hope so!!! If you like to tell us, do so in that thread at TenForward which you started not so long ago about it.

Quote from the TDS-3 Helpfile:
Execution Protection

Execution protection is a unique system exclusive to TDS-3 and DiamondCS WormGuard that uses a non-resident hook which allows TDS-3 to intercept and scan files as they are executed (but before they are loaded) and actually prevent infection by blocking/aborting the execution if the file was deemed harmful. As the hook is non-resident it uses no extra memory or resources, and it isn't susceptible to the TerminateProcess issue that virtually all other hook mechanisms are susceptible to.

How does it work? When you execute a file, the operating system - before it even loads the file - asks the DiamondCS execution hook "Allow this file to continue processing?", and then waits for a Yes/No response from the hook. This allows TDS-3 to scan inside the file and abort the execution if the file is deemed dangerous or has been identified as a trojan.

Thanks again, javacool, Gladiator, Jooske, MrBlaze and FanJ. I now have TDS-3 up and running with exec protection installed. No problems with programs running resident (Kerio, NOD32, IEClean, BOClean and Proxomitron). I look forward to learning more about this powerful tool. Thanks again!

If BOClean keeps giving you problems, you could try the following. Kevin once told it to me, and I just saw it mentioned again in a thread at the GRC-forum where someone posted the same trick which Kevin told him.

1. Shutdown BOClean.
2. Open the file boclean.ini (located in the directory C:\windows ) in NOTEPAD
3. Under the [Prefs] heading add the following new line:
Memtiming=200
4. Then hit SAVE (instead of "Save as" in the file item up top) and then stop.
5. Restart BOClean.

quoting: Jooske
Octogen, several people are using BOClean beside TDS-3 with no problems, being BOC the resident scanner and TDS-3 on demand with the exec protection as a permanent extra.

Huh?

Don't make me nervous, man. Thought, my TDS-3 is the tornado-deluxe-defender.
What do you mean by "permanent extra" ?

and read my post. Also javacool has just released a great new proggy as well called SpywareGuard [stops installation of spyware in conjunction with SpywareBlaster] available also in download section of this site.